Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
dingtalk-cli
v1.0.0
Use when the user mentions the DingTalk knowledge base, DingTalk documents, reading/writing documents, knowledge base directories, document members, `.axls` spreadsheets, workbooks, dingtalk doc, or wiki workspaces. Calls the DingTalk Open Platform API through the local `dingtalk-cli` command, suitable for an agent to execute directly.
⭐ 0 · 186 · 0 current · 0 all-time
by MianPeng Zheng @ianen
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The SKILL.md clearly intends to drive a local dingtalk-cli binary (read/write docs, workbooks, members). That purpose is coherent with the name/description. However the instructions require DingTalk credentials (app key/secret and operator id) and a config file at ~/.dingtalk-cli/config.json, but the skill metadata declares no required environment variables or config paths — an inconsistency between what the skill needs at runtime and what is advertised.
Instruction Scope
Runtime instructions tell the agent to run local CLI commands that will read/write documents and to save credentials via `dingtalk-cli auth setup` which writes to ~/.dingtalk-cli/config.json (or use env vars). The actions are within the described purpose, but they include storing and reading sensitive credentials from the user's home directory and rely on a separately-installed binary; the SKILL.md does not describe how long-lived tokens are handled or file permissions, which is relevant for security.
Install Mechanism
There is no formal install spec in the registry (skill is instruction-only). SKILL.md recommends `pip install dingtalk-cli`. Installing a third-party pip package is a moderate-risk action (it fetches and executes remote code). The skill metadata does not provide a vetted source/URL or checksum; users should verify the PyPI package and its source before installing.
Credentials
The instructions reference sensitive environment variables (DINGTALK_APP_KEY, DINGTALK_APP_SECRET, DINGTALK_OPERATOR_ID) and require a real operator identity for write operations. Those variables are appropriate for the stated purpose, but the skill metadata lists no required env vars or primary credential; this omission reduces transparency about what secrets are needed and should raise caution.
Persistence & Privilege
The CLI stores configuration under ~/.dingtalk-cli/config.json (persistence limited to the user's home). `always` is false and the skill does not request system-wide privileges. Still, storing credentials locally creates a persistent credential surface the agent or CLI can later use; users should be aware of where credentials are written and protect that file (permissions, scope-limited credentials).
What to consider before installing
This skill's instructions require DingTalk app credentials and will write them to ~/.dingtalk-cli/config.json or read them from environment variables, but the registry entry does not declare those requirements — that's an inconsistency you should resolve before installing. Before using: (1) verify the dingtalk-cli package source (PyPI project page, GitHub repo) and review its code or install in an isolated environment; (2) prefer providing a scoped service account or short-lived credentials, not a full human account; (3) check and restrict ~/.dingtalk-cli/config.json file permissions; (4) if you need metadata declared for audits, ask the publisher to list required env vars/config paths and justify them. If you cannot verify the underlying pip package, treat this skill as higher-risk.
Like a lobster shell, security has layers — review code before you run it.
latest: vk970nrg1vf57sepevc7g1mps1h83588g
